CVE-2025-54510

A flaw was found in the AMD Platform Security Processor in AMD EPYC™ 9005 Series CPUs. A missing lock check allows a privileged attacker with local access to potentially impact the confidentiality of guest data. This vulnerability could lead to unauthorized disclosure of sensitive information...

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Version 1.0.8 of Vvveb contains a security vulnerability. This vulnerability stems from a logical flaw in the file renaming processor. It could allow...

XiangShan 安全漏洞

XiangShan is an open-source high-performance RISC-V processor project developed by XiangShan in China. There is a security vulnerability in XiangShan, which stems from specially crafted read and write operations on the menvcfg structure, potentially causing the WPRI bit to be set unexpectedly,...

PT-2026-33855

XiangShan Open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 contains an improper exceptional-condition handling flaw in its CSR subsystem NewCSR. On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-33947)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33947 advisory. - jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath,...

jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed

...

zrok 安全漏洞

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.1 contained security vulnerabilities. These vulnerabilities stemmed from logical errors in the unaccess processor, which could allow non-administrator users to delete the global frontend...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007262 advisory. In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIGSMP disabled,...

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-8179-1)

"The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8179-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-007506)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007506 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: Don't migrate perf to the CPU going to teardown The driver needs to migrate t...

EUVD-2025-209510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

CVE-2025-54510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

CVE-2025-54510

The connected documents confirm CVE-2025-54510 affects AMD Zen 5 (and related platforms) via a missing lock verification in the AMD Secure Processor (ASP) firmware that can allow a locally authenticated, high-privilege attacker to alter MMIO routing during boot/init, potentially compromising gues...

CVE-2025-54510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

CVE-2025-54510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

CVE-2026-6314

An out of bounds write flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498782145...

CVE-2026-6314

CVE-2026-6314 affects Google Chrome’s GPU process. An out-of-bounds write in the GPU code prior to version 147.0.7727.101 could allow a remote attacker with GPU process access to potentially escape the sandbox via a crafted HTML page. Impact is a sandbox escape risk as described in the entry. Aff...

OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or deadlock when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

2026-04 .NET 9.0.15 Security Update for x86 Client (KB5086097)

2026-04 .NET 9.0.15 Security Update for x86 Client KB5086097...